First published: Thu Oct 22 2009(Updated: )
The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Sun Java Runtime Environment (JRE) | <=1.5.0 | |
Sun Java Runtime Environment (JRE) | <=1.6.0 | |
Sun Java Runtime Environment (JRE) | =1.5.0-update_1 | |
Sun Java Runtime Environment (JRE) | =1.5.0-update_11 | |
Sun Java Runtime Environment (JRE) | =1.5.0-update_12 | |
Sun Java Runtime Environment (JRE) | =1.5.0-update_13 | |
Sun Java Runtime Environment (JRE) | =1.5.0-update_14 | |
Sun Java Runtime Environment (JRE) | =1.5.0-update_15 | |
Sun Java Runtime Environment (JRE) | =1.5.0-update_16 | |
Sun Java Runtime Environment (JRE) | =1.5.0-update_17 | |
Sun Java Runtime Environment (JRE) | =1.5.0-update_18 | |
Sun Java Runtime Environment (JRE) | =1.5.0-update_19 | |
Sun Java Runtime Environment (JRE) | =1.5.0-update_2 | |
Sun Java Runtime Environment (JRE) | =1.5.0-update_20 | |
Sun Java Runtime Environment (JRE) | =1.5.0-update_3 | |
Sun Java Runtime Environment (JRE) | =1.5.0-update_4 | |
Sun Java Runtime Environment (JRE) | =1.5.0-update_5 | |
Sun Java Runtime Environment (JRE) | =1.5.0-update_6 | |
Sun Java Runtime Environment (JRE) | =1.5.0-update_7 | |
Sun Java Runtime Environment (JRE) | =1.5.0-update_8 | |
Sun Java Runtime Environment (JRE) | =1.5.0-update_9 | |
Sun Java Runtime Environment (JRE) | =1.5.0-update10 | |
Sun Java Runtime Environment (JRE) | =1.6.0-update_1 | |
Sun Java Runtime Environment (JRE) | =1.6.0-update_10 | |
Sun Java Runtime Environment (JRE) | =1.6.0-update_11 | |
Sun Java Runtime Environment (JRE) | =1.6.0-update_12 | |
Sun Java Runtime Environment (JRE) | =1.6.0-update_13 | |
Sun Java Runtime Environment (JRE) | =1.6.0-update_14 | |
Sun Java Runtime Environment (JRE) | =1.6.0-update_15 | |
Sun Java Runtime Environment (JRE) | =1.6.0-update_2 | |
Sun Java Runtime Environment (JRE) | =1.6.0-update_3 | |
Sun Java Runtime Environment (JRE) | =1.6.0-update_4 | |
Sun Java Runtime Environment (JRE) | =1.6.0-update_5 | |
Sun Java Runtime Environment (JRE) | =1.6.0-update_6 | |
Sun Java Runtime Environment (JRE) | =1.6.0-update_7 | |
Sun Java Runtime Environment (JRE) | =1.6.0-update_8 | |
Sun Java Runtime Environment (JRE) | =1.6.0-update_9 | |
OpenJDK 1.7.0 Headless |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2009-3884 has a moderate severity rating, as it allows remote attackers to determine the existence of local files.
To fix CVE-2009-3884, update to the latest version of Sun Java SE 5.0 Update 22 or 6 Update 17, or a newer version.
CVE-2009-3884 affects Sun Java SE 5.0 versions before Update 22 and Sun Java SE 6 versions before Update 17.
The potential impact of CVE-2009-3884 includes exposing sensitive local file information to remote attackers.
Yes, CVE-2009-3884 is also applicable to OpenJDK implementations.